2d12c0a368
NoMethod check and stuff
2014-01-25 20:25:01 -06:00
3bb17dad72
Check argument
2014-01-25 20:10:22 -06:00
7dfd4ab22c
Change default thread count
2014-01-25 01:40:05 -06:00
2046209291
This one looks like is working
2014-01-25 01:27:48 -06:00
216fa4503a
Save progress
2014-01-24 23:32:29 -06:00
93fa58ed45
aux scanner support
2014-01-24 17:54:40 -06:00
856feb82e8
Land #2906 , check a given range
2014-01-24 16:01:57 -06:00
3c8d82e363
Ensure the rhost datastore option is restored
2014-01-23 21:12:59 -06:00
4bac297f66
Land #1473 , add LDAP hotness
2014-01-23 18:11:39 -06:00
4b21672b60
Remove hardcoded string
2014-01-23 23:55:09 +00:00
790e4d7559
Move options to mixin
2014-01-23 23:47:46 +00:00
398e8463b1
Add more informative errors
2014-01-23 23:19:00 +00:00
b5f61024c5
Land #2907 , fixes qual asset importer
...
Addresses MSP-9311
2014-01-23 13:32:22 -06:00
b07e87b1d6
Fix nil rhost
2014-01-23 10:33:05 -06:00
256f2b12eb
Land #2894 , @wchen-r7's CheckCode documentation update
2014-01-23 07:31:24 -06:00
c48595f239
Add support to scan a range of IPs for the check command
...
[SeeRM #8737 ] This allows the check command to scan multiple hosts.
2014-01-23 00:37:32 -06:00
58cf7193f9
fixing NameError undefined local variable in an import
2014-01-22 16:54:31 -06:00
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
80452767c8
Comments
2014-01-22 10:24:24 +00:00
156e3c046e
Dont lookup twice
2014-01-22 10:14:56 +00:00
6d6d1e1033
No need to fiddle with naming context
2014-01-22 10:06:36 +00:00
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
b8219e3e91
Warn the user about SSLCompression
2014-01-21 16:41:45 -06:00
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
ea47da5682
Add wiki link "How to write a check() method" to documentation
2014-01-20 20:10:50 -06:00
e48b8ae14c
Use a better term
2014-01-19 16:01:38 -06:00
afd0e71457
Use the term "exploit" is a little more correctly
...
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
363c53e14e
Clearify when to use a specific CheckCode
...
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as a
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnearble doesn't mean it is.
2014-01-17 13:35:17 -06:00
68ccdc8386
Fix a stack trace when module_payloads.rb is run
...
This fixes a missing check for self.target being nil in the compatible_payloads method
2014-01-13 15:36:33 -08:00
4ccf1a4720
Land #2873 , Msf::Handler::ReverseHttp::UriChecksum
2014-01-13 15:38:56 -06:00
41807d7e4e
move rev_http uri checksum code
...
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
02018077ea
dangit odd number of ]s
2014-01-09 15:15:47 -06:00
25337888b0
Move back the expires date.
2014-01-09 14:51:23 -06:00
fe3fed1dba
Add a link to http://bit.ly/msfsurvey in banner
2014-01-09 14:37:41 -06:00
e4460278d2
Fix the closing brackets on the banner.
2014-01-09 14:37:25 -06:00
7af8fe9cd1
Catch exceptions in an XSS script and return the error.
2014-01-07 16:23:24 -06:00
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
73e359ede1
Update reverse_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:06:11 +01:00
e3a3b560e2
Update bind_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:02:52 +01:00
3bf728da61
Dont store in DB by default
2014-01-07 12:20:44 +00:00
9d3b86ecf4
Add explicit require for JSON, so msfpayload runs.
2014-01-05 14:58:18 -06:00
d00acccd4f
Remove Java target, since it no longer works.
2014-01-04 21:22:47 -06:00
8898486820
Change display message to show actual bind address
...
When running a http/https listener the address:port that was being
shown in the output was that which was passed to the victim as part
of the stager and not the actual listener address:port.
This commit fixes this so that the display is correct.
2014-01-05 11:28:51 +10:00
f2f68a61aa
Use shell primitives instead of resorting to
...
echo hacks.
2014-01-04 19:00:36 -06:00
6034c26fa7
Honor LPORT as callback port for HTTP/S handler
...
This commit completes our quest to (optionally) decouple the stage's
callback parameters from the interface/port our handler binds to.
LPORT is now patched into the stage over ReverseListenerBindPort.
2014-01-04 18:52:19 -05:00
sinn3r
Tod Beardsley
Meatballs
jvazquez-r7
lsanchez-r7
HD Moore
William Vu
David Maloney
Joe Vennix
Niel Nielsen
OJ
Raphael Mudge